Preparing for the Future of EdTech Security: What Companies Need to Know

What is EdTech?

Short for education technology,  EdTech includes applications and digital technology used in primary, secondary, and corporate training to enhance the educational experience in different areas, such as logistics, management, teaching, and learning. 

The EdTech market size was valued at USD 123.40 billion in 2022 and is expected to continue growing at a compound annual growth rate of 13.6% till the end of the decade.

Preparing for the Future of EdTech Security: What Companies Need to Know

Technologies That Will Likely Drive EdTech Market Growth

COVID-19 was a global event that forced schools and students to leverage technology to help them avoid major educational interruptions. The shift towards technology in school and class has continued to gain traction across the world.

With the emergence of generative artificial intelligence, the EdTech market is expected to experience explosive growth. As teaching models shift from traditional teacher-led instruction to interactive, multi-sensory approaches, the online learning market is in the process of an all-out transformation. Innovation in the following areas has led to a new creative approach to education:

  • artificial intelligence (AI)
  • augmented Reality (AR)
  • game-based learning (gamification)
  • mobile-based learning 

EdTech Needs a Class on Security

With all the digital bells and whistles making their way into the classrooms of today, EdTech companies must carefully consider student privacy and cybersecurity while they innovate and produce top-notch educational solutions for students. Everyone should be concerned about privacy and security issues in technology, but it becomes even more crucial when dealing with EdTech security risks and students’ personal information.

Rising Cyber Threats in the Education Sector

Cybersecurity EdTech initiatives are not currently getting as much attention as other sectors like banking and finance, manufacturing, or healthcare. The latter categories are regarded by governments as part of their critical national infrastructures and therefore are prioritized in security policies, and understandably so. 

But in reality, the very real threat of cyber risks is as much about critical infrastructure risks and high-profile operations as it is about the day-to-day breaches that impact the quality of lives of individuals, especially vulnerable children.

Cyber incidents are increasingly becoming the ‘new normal’. They occur and evolve daily in a persistent, albeit non-dramatic manner. They destabilize societies, though without the apocalyptic drama so commonly described in cyber predictions of the future. 

Today’s students are being nurtured in this reality.

Human Rights Watch Study

Human Rights Watch conducted an analysis of EdTech products between March and August of 2021. The study intended to shed light on the prevalence and frequency of tracking technologies embedded in each product on a given date in that window. 

In the haste to get kids into virtual classrooms during the pandemic, many governments failed to conduct due diligence to check that the platforms being used were actually safe for children.

Of the 163 EdTech products reviewed in countries around the globe, 145 of them (89%) seemed to engage in practices that put student privacy and rights at risk. Many of the products analyzed in the study monitored children, often without the consent of children or their parents.

Security Transformations in Educational Institutions

As awareness of the pitfalls in vulnerable apps and platforms grows, many educational institutions are deep into the process of major digital and cybersecurity transformations. Schools and universities are looking to reframe the way they approach cybersecurity and student privacy. 

Who’s Protecting Our Students?

Schools and institutions obviously have their fair share of responsibility in protecting a vast amount of data, but EdTech companies need to shoulder the burden as cyber and privacy risks continue to make headway into every corner of our educational facilities.

EdTech companies are not covered by broad mandated security standards. Although there are a few effective laws regarding student privacy, they don’t compare in scope to the laws surrounding healthcare and finance.

It’s important for product developers and companies to ensure that they comply with relevant security standards and invest in tools, people, and professional security services while developing EdTech solutions.

Read on as we discuss what the future holds for  EdTech companies. We’ll take a  look at some of the ways that businesses in the EdTech sector can address security and privacy as we move into the future. 

First, we’ll go over some of the significant student privacy laws that serve as a guide for EdTech companies, teachers, and school districts.

Get to Know the Laws

Understanding the laws put into place to safeguard data in the EdTech field should give you a well-rounded understanding of the risks and pitfalls in the industry. Also, when working on constructing your EdTech app, it will be easier for you to create better student privacy rules if you are aware of the data privacy constraints that are in place. 

Data security breach EdTech comes at a very steep costs. It is of utmost importance that EdTech companies follow compliance standards and keep cybersecurity controls in place and regularly assess their efficiency.

The US has passed two major bodies of federal legislation that apply to EdTech companies:

  • Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records.
  • Children’s Online Privacy Protection Act (COPPA) mandates parental consent for the collection and use of any personal information related to children online.
  • The Protection of Pupil Rights Amendment (PPRA) focuses on the protection of student information collected through surveys and parental consent regarding the same.
  • Student Privacy Pledge is an industry pledge to protect student privacy in terms of the collection, maintenance, and usage of student information. It is voluntary but legally binding.
  • In the EU, General Data Protection Regulation (GDPR) is the regulatory framework for the management of data privacy of individuals. It covers EdTech companies as well where organizations assess and process large volumes of information involving user data.

Some states have passed their own laws, as well.

  1. California’s Student Online Personal Information Protection Act (SOPIPA) is regarded as the forerunner of state EdTech laws. Many of the principles of SOPIPA have been mimicked in other states. 

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days

Learn more about EdTech Security

What the Future Holds for EdTech Security

As awareness and expectations in the education sphere expand, the success of EdTech vendors will depend more and more on their ability to pledge compliance with accepted cybersecurity standards to the districts and institutions they wish to work with. EdTech companies are poised to make huge strides in the next decade and will need to seek to bolster their security stance to drive value. 

Going forward, student and privacy advocates want to see the governments playing a more central role in regulating the EdTech market. The stiff competition in the EdTech market alongside a glaring lack of adequate legislation about the quality of EdTech products results in EdTech developers and companies focusing on products and compromising on security.

Here are a few probable trends that are worth keeping in mind.

Get a Badge or Make a Pledge

Several new initiatives are offering EdTech security providers a badge for certification that they can show to potential customers. This provides a way for districts and procurement teams to have a shared fact base of EdTech products.

On this note, the Student Privacy Pledge is an education industry pledge to protect student privacy in terms of the collection, maintenance, and usage of student information. It is voluntary but legally binding.

Standardized Assessments

Districts have long said they are deluged with pitches from ed-tech providers and by often questionable claims of offering secure products. Certifications and standard assessments level the comparison playing field when purchasing EdTech products and services. With standardized assessments and certifications, vendors can easily show education institutions that “they’ve done their homework”.

Because the procurement process at higher education facilities can be inconsistent, HECVAT was developed as an assessment toolkit. The HECVAT, short for Higher Education Community Vendor Assessment Tool, is a questionnaire tool designed to help institutions of higher education measure vendor risk. Dozens of organizations have adopted HECVAT to measure the potential risks of third and fourth-party vendors. This trend is likely to gain momentum in all educational facilities.

Greater Transparency 

Why is transparency so central to EdTech? The more details a vendor provides, the more open and transparent their privacy policy is, and the more room it gives for districts and educational institutions to make a sound judgment regarding the safety of users of a given product. 

Without a clear body of legislation overseeing the development of EdTech solutions, procurement teams rely on vendor privacy policies, among other factors, to determine the best choice of an EdTEch product or service among a list of competitors.

Making decisions without sufficient information is very challenging. Schools will be looking for clear information and big-text details when it comes to privacy policies

Ultimately, transparency in EdTech firms will help them develop their own brand image and foster a long-lasting, trusted relationship with their users.

Regulatory Oversight

Enforcement is needed as the Ed-Tech sector faces a consumer base that is well aware of the pitfalls of a lack of regulation. Voluntary measures like the U.S.-based Student Privacy Pledge have definitely raised awareness of privacy concerns but leave too much leeway for questionable business practices, including the licensing of student data and its use in generating anonymous profiles. 

Advocacy groups have been sounding the alarm for stricter regulatory oversight and comprehensive state or federal guidance for years. Nearly three years after the U.S. Department of Education and the Federal Trade Commission suggested further guidance was forthcoming, little new regulatory activity has emerged. Notably, there has been no public state investigation against ed-tech providers under U.S. state student privacy laws.

Growing Job Market

The demand for qualified professionals will rise as the EdTech industry expands, creating more jobs. Some of the most sought-after positions include cybersecurity analysts, UX designers, and front- and back-end developers. Even while these positions need expertise in fields like computer languages, data science, and UX design, EdTech organizations will likely seek applicants with skills in security and privacy protection.  

How Centraleyes Helps the Education Sector

Centraleyes helps educational institutions and their suppliers and vendors meet security and privacy requirements and prepare for expansion to future security frameworks. We look forward to helping many more schools, universities, and EdTech companies achieve a strong security stance that builds trust and supports growth.

At Centraleyes, we believe in preparing students for the future challenges posed by today’s risks. We have collaborated with Florida State University (FSU) as part of a wider program aimed at global Higher Education institutions. This program provides access to exclusive content and next-generation software to further enhance the hands-on training these institutions are providing their students.

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days

Looking to learn more about EdTech Security?
Skip to content